11-17-2004 10:21 AM - edited 02-21-2020 01:27 PM
I am setting up four site-to-site VPNs for support companies and would like some assistance. I have two 1760s with ADSL cards in them, and a PIX 515E with 6 FE ports. Each ADSL line has a single 'live address' provided by the ISPs. I would like to terminate the VPN tunnels at the firewall. Each support company will only come through one of the ADSL lines, which means I can block all traffic except the incoming VPN.
Is this the best way to do it?
11-17-2004 01:08 PM
Terminating the IPsec tunnels on the PIX will not harm the security aspect of your design. The traffic flowing through each tunnel is in any case restricted by the crypto ACLs, so there is no way that one company will see the others.
You can also think of terminating the tunnels on the router and filtering the incoming VPN traffic on the PIX.
The first solution is the most widely used, but you can still think it over!
All the best!
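To make the crypto-ACL isolation described above concrete, here is an added PIX 515E configuration fragment in PIX OS 6.3 syntax for two of the four tunnels. It is not from the thread or from any Cisco document. The only address taken from the thread is 66.66.66.66; the second peer 88.88.88.88, the PIX interface addresses, the ADSL routers' inside addresses 192.168.1.11 and 192.168.1.12, the supported server addresses, the names COMPANY-A, COMPANY-B, NONAT, STRONG, SUPPORT and OUTSIDE-IN, and the pre-shared keys are all assumptions. Lines starting with `!` are annotations, not configuration.

```cisco
! PIX outside segment is shared with the ADSL routers; inside is the LAN (assumed addresses)
ip address outside 192.168.1.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
!
! Each ADSL router translates its live address to the PIX outside address, so replies
! to a given peer must leave through that peer's own router: one host route per peer
route outside 66.66.66.66 255.255.255.255 192.168.1.11 1
route outside 88.88.88.88 255.255.255.255 192.168.1.12 1
!
! Crypto ACLs: one per company, scoped to the internal host that company supports.
! Packets arriving from peer 66.66.66.66 can only be decrypted into flows COMPANY-A names.
access-list COMPANY-A permit ip host 10.1.1.50 host 66.66.66.66
access-list COMPANY-B permit ip host 10.1.1.60 host 88.88.88.88
!
! Traffic that is about to enter a tunnel must not be translated
access-list NONAT permit ip host 10.1.1.50 host 66.66.66.66
access-list NONAT permit ip host 10.1.1.60 host 88.88.88.88
nat (inside) 0 access-list NONAT
!
! Phase 1: one pre-shared key per peer, keyed on the peer address
isakmp enable outside
isakmp identity address
isakmp key CHANGE-ME-KEY-A address 66.66.66.66 netmask 255.255.255.255
isakmp key CHANGE-ME-KEY-B address 88.88.88.88 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
! PIX is behind the routers' NAT; NAT-T lets IKE fall back to UDP 4500 if the peer detects it
isakmp nat-traversal 20
!
! Phase 2: a separate crypto map entry per company, each tied to its own peer and ACL
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
crypto map SUPPORT 10 ipsec-isakmp
crypto map SUPPORT 10 match address COMPANY-A
crypto map SUPPORT 10 set peer 66.66.66.66
crypto map SUPPORT 10 set transform-set STRONG
crypto map SUPPORT 20 ipsec-isakmp
crypto map SUPPORT 20 match address COMPANY-B
crypto map SUPPORT 20 set peer 88.88.88.88
crypto map SUPPORT 20 set transform-set STRONG
crypto map SUPPORT interface outside
!
! Decrypted tunnel traffic bypasses the outside ACL, so the ACL only has to admit IKE and ESP
! from the two peers (the routers translate only the destination, so the source is still the peer)
sysopt connection permit-ipsec
access-list OUTSIDE-IN permit udp host 66.66.66.66 host 192.168.1.2 eq isakmp
access-list OUTSIDE-IN permit udp host 66.66.66.66 host 192.168.1.2 eq 4500
access-list OUTSIDE-IN permit esp host 66.66.66.66 host 192.168.1.2
access-list OUTSIDE-IN permit udp host 88.88.88.88 host 192.168.1.2 eq isakmp
access-list OUTSIDE-IN permit udp host 88.88.88.88 host 192.168.1.2 eq 4500
access-list OUTSIDE-IN permit esp host 88.88.88.88 host 192.168.1.2
access-group OUTSIDE-IN in interface outside
```

Two checks before calling this done. First, `sysopt connection permit-ipsec` means the outside ACL is not applied to decrypted packets, so the crypto ACLs are the only thing limiting what each company reaches; if you want a second layer, remove that sysopt and add permit lines for the decrypted flows to OUTSIDE-IN. Second, because the PIX sits behind the routers' translation, each support company will configure the router's live address as the peer while the PIX presents its private outside address as its IKE identity; confirm with each company that their peer accepts that (or agree on hostname-based identities) before testing, and use `show crypto isakmp sa` and `show crypto ipsec sa` on the PIX to see which phase fails if it does not come up.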
11-22-2004 03:34 AM
Thanks for your reassurance. I am currently trying to configure the router to NAT all traffic from IP address 66.66.66.66 (support company live address) to the private address of the firewall (outside interface), and to block all other traffic. Can you help, as I am not having much luck?
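For the router side of the question, here is an added Cisco IOS configuration fragment for one 1760 ADSL line; it is not from the thread or from Cisco documentation. The ATM PVC and dialer-pool configuration that brings Dialer0 up is assumed to already exist and is omitted. 66.66.66.66 is the support company's address from the post; the PIX outside address 192.168.1.2, the router LAN address 192.168.1.1, the interface names and the ACL name VPN-IN are assumptions.

```cisco
! ADSL side: the single live address from the ISP is learned over PPP (assumed)
interface Dialer0
 ip address negotiated
 ip nat outside
 ip access-group VPN-IN in
!
! LAN side faces the PIX outside interface (assumed addressing)
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! One-to-one static translation of the whole live address to the PIX outside interface.
! A full address translation carries ESP (IP protocol 50), which port-based overload
! (PAT) cannot, so do not use "overload" here. If this IOS lacks the "interface" form,
! give the live address explicitly instead of "interface Dialer0".
ip nat inside source static 192.168.1.2 interface Dialer0
!
! Inbound ACL on the outside interface is evaluated before the translation, so it sees
! the live address as destination; only the support company's peer may send IKE (UDP 500),
! NAT-T (UDP 4500) and ESP. Everything else is dropped and logged.
ip access-list extended VPN-IN
 permit udp host 66.66.66.66 any eq isakmp
 permit udp host 66.66.66.66 any eq 4500
 permit esp host 66.66.66.66 any
 deny ip any any log
```

Once applied, `show ip nat translations` should list the static entry mapping 192.168.1.2 to the live address, and `show access-lists VPN-IN` shows hit counts on the permit lines when the support company's peer starts IKE; a growing count on the `deny` line with `show logging` tells you who else is knocking. Note that mapping the entire live address to the PIX means no other host behind this router can share that address for outbound traffic.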